<?php
require_once('AuthorizationHandler.class.php');

/**
 * PrivilegeAuthorizationHandler determines the method of authorization by
 * checking for a single privilege, which can also be contained in a namespace.
 *
 * @author  Sean Kerr
 * @package mojavi
 * @package auth
 * @since   2.0
 */
class PrivilegeAuthorizationHandler extends AuthorizationHandler
{

    /**
     * Create a new PrivilegeAuthorizationHandler instance.
     *
     * @access public
     * @since  2.0
     */
    function PrivilegeAuthorizationHandler ()
    {

    }

    /**
     * Determine the user authorization status for an action request by checking
     * verifying against a required privilege.
     *
     * <br/><br/>
     *
     * <note>
     *     This should never be called manually.
     * </note>
     *
     * @param Controller A Controller instance.
     * @param Request    A Request instance.
     * @param User       A User instance.
     * @param Action     An Action instance.
     *
     * @access public
     * @since  2.0
     */
    function execute (&$controller, &$user, &$privilege, $namespace='org.mojavi')
    {

        if (!$user->isAuthenticated())
        {
                return FALSE;
        }
        
        if ($privilege != NULL &&  !$user->hasPrivilege($privilege[0], $namespace))
        {

            // user doesn't have access
                return FALSE;
        }

        // user is authenticated, and has the required privilege or a privilege
        // is not required

        return TRUE;
    }
}


?>
